United Kingdom and Netherlands fine Uber with one million euros for stealing data from three million of its customers

United Kingdom and Netherlands fine Uber with one million euros for stealing data from three million of its customers

The company is sanctioned for not reporting the computer attack, which occurred in 2016, which affected 57 million users around the world

  The data protection authorities of the United Kingdom and the Netherlands have issued sanctions against the US transport company for a total amount of more than one million euros, for not having informed about three million customers of both countries about the theft of your data during a cyber attack that occurred in November 2016.

The first of the sanctions, worth 433,818 euros, has been imposed by the Office of the Information Commissioner (ICO, for its acronym in English) of the United Kingdom for "failure to protect the personal information of its clients during a cyber attack. »

  The organism, dependent of the British Parliament and that watches over the rights of information and privacy of the citizens, the sanction imposed to the taxi company because "some avoidable security failures" caused that the data of around 2.7 million leaked of British clients.

The director of investigations of the ICO, Steve Eckersley, has stated that it was "not only a serious security breach by Uber, but also a complete disregard for customers and drivers whose personal information was stolen." "At the time no measures were taken to inform the people affected by the infraction or offer help and support, which left them in a situation of vulnerability," he added.

The second penalty, worth 600,000 euros, has been set by the Data Protection Authority of the Netherlands (AP) for hiding a data breach of about 174,000 users produced after a cyber attack in 2016.

In a statement, the AP has explained that Uber chose not to make public what happened and pay $ 100,000 (88,312 euros) to hackers "quietly and hide" the hack suffered, which was discovered a year later by a leak to the press. The attack affected 174,000 Dutch users of the company.

The computer attack was perpetrated in November 2016 by two individuals from outside the company, who obtained the data of 57 million customers and drivers from all over the world, including their names, phone numbers and emails. In addition, they obtained additional information from drivers as details of the trips they had made and payments they had received.

The General Regulation of Data Protection, promoted by the European Union and which came into force in 2018, includes fines for companies that hide data leaks and do not report them in less than 72 hours.